[Openswan Users] Problems with Checkpoint
Randy Wyatt
rwyatt at nvtl.com
Wed Nov 3 15:39:06 EDT 2010
You need to post logfiles in order to receive help.
On my systems, all messages are logged into /var/log/secure.
Regards,
Randy
-----Original Message-----
From: users-bounces at openswan.org on behalf of Ronaldo Santos (terra)
Sent: Wed 11/3/2010 11:50 AM
To: users at openswan.org
Subject: [Openswan Users] Problems with Checkpoint
Good afternoon,
I'm having a problem configuring Openswan with Checkpoint FW-1 (Nokia IP290).
I think some parameters are missing in my ipsec.conf.
Can someone help me?
The Openswan subnet: 10.138.66.0/24
ipsec.conf:

config setup
    interfaces=%defaultroute
    klipsdebug=all
    plutodebug=all
    uniqueids=yes
    nat_traversal=yes

conn site1
    keylife=1h
    ikelifetime=24h
    aggrmode=no
    type=tunnel
    left=yyy.yyy.yyy.yyy
    leftsubnet=10.138.66.0/24
    right=xxx.xxx.xxx.xxx
    rightsubnet=10.97.64.0/24
    keyexchange=ike
    auth=esp
    auto=start
    authby=secret
    ike=3des-sha1;modp1024
    esp=3des-md5
    pfs=no

The Checkpoint subnet: 10.97.64.0/24
Praxair
VPN gateway device: Nokia IP290
VPN gateway software: Checkpoint FW-1
IP address tunnel endpoint: xxx.xxx.xxx.xxx
Encryption domain: tbd

Phase 1
Encryption schemes: IKE
Key exchange method: 3DES
Data integrity: SHA1
Pre-shared key: tbd
Diffie-Hellman group: Group 2
IKE session key is changed: 86400 seconds
Support aggressive mode: NO
Support key exchange for subnets: YES

Phase 2
Encryption schemes: IKE
Data integrity + encr.: ESP
Encryption algorithm: 3DES
Data integrity: MD5
Compression method: No compression
Use Perfect Forward Secrecy: NO
IPSec session key is changed: 3600 seconds

Ronaldo.
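
An added example, not part of the original posts or of Openswan: a Python cross-check of the `conn site1` options posted above against the Check Point parameter sheet in the same message. The `PEER_SHEET` key names, the function names and the choice of which options to compare are assumptions made for this example.

```python
import re

# Constructed input: the conn options from the post that the peer's sheet covers.
IPSEC_CONF = """\
conn site1
    keylife=1h
    ikelifetime=24h
    aggrmode=no
    rightsubnet=10.97.64.0/24
    ike=3des-sha1;modp1024
    esp=3des-md5
    pfs=no
"""
# The peer's sheet from the post, keyed by hand (the key names are assumptions).
PEER_SHEET = {"ike_enc": "3des", "ike_hash": "sha1", "dh_group": 2,
              "ike_life_s": 86400, "aggressive": "no", "esp_enc": "3des",
              "esp_hash": "md5", "pfs": "no", "ipsec_life_s": 3600,
              "peer_subnet": "10.97.64.0/24"}
MODP_GROUP = {"modp768": 1, "modp1024": 2, "modp1536": 5, "modp2048": 14}
UNIT_S = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_conn(text, name):
    """Return the key=value options of one conn section as a dict."""
    opts, inside = {}, False
    for line in text.splitlines():
        body = line.split("#", 1)[0].rstrip()      # drop comments
        if body.strip() and not body[0].isspace():  # unindented line starts a section
            inside = body.split() == ["conn", name]
        elif inside and "=" in body:
            key, value = body.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def seconds(value):
    """Convert an ipsec.conf time value such as 1h or 3600s to seconds."""
    number, unit = re.fullmatch(r"(\d+)([smhd]?)", value).groups()
    return int(number) * UNIT_S[unit]

def mismatches(conf_text, name, peer):
    """Map each differing field to (local value, peer value)."""
    o = parse_conn(conf_text, name)
    algs, _, group = o["ike"].partition(";")
    ike_enc, ike_hash = algs.split("-")
    esp_enc, esp_hash = o["esp"].split("-")
    local = {"ike_enc": ike_enc, "ike_hash": ike_hash,
             "dh_group": MODP_GROUP.get(group), "ike_life_s": seconds(o["ikelifetime"]),
             "aggressive": o["aggrmode"], "esp_enc": esp_enc, "esp_hash": esp_hash,
             "pfs": o["pfs"], "ipsec_life_s": seconds(o["keylife"]),
             "peer_subnet": o["rightsubnet"]}
    return {k: (local[k], v) for k, v in peer.items() if local[k] != v}
```

`mismatches(IPSEC_CONF, "site1", PEER_SHEET)` returns an empty dict for the values as posted; the pre-shared key and encryption domain, both "tbd" in the sheet, are outside what it compares.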